“It worked so well because it bypassed what people who have a basic knowledge of security know not to do. Even though it is incredibly simplistic, it was very effective,” said Collin Anderson, an independent cybersecurity researcher who is studying the attack.

If you enable two-step authentication or follow the rules regarding passwords, it did you no good when facing this speedy threat. As reported earlier, everything about the faux links to “Google Docs” seemed perfectly fine. It typically came from people you know, looked official, and even carried the Google name — something that should raise some alarm bells at Google.